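Original English version: https://www.elastic.co/guide/en/elasticsearch/reference/7.7/sql-rest-params.html. Copyright of the original document belongs to www.elastic.co.
Local English version: ../en/sql-rest-params.html
Important: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current version of the documentation.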
Passing parameters to a query
Values used in a query condition or in a HAVING clause, for example, can be passed "inline",
by integrating the value in the query string itself:
POST /_sql?format=txt
{
"query": "SELECT YEAR(release_date) AS year FROM library WHERE page_count > 300 AND author = 'Frank Herbert' GROUP BY year HAVING COUNT(*) > 0"
}
Alternatively, the values can be extracted into a separate list of parameters, with question mark placeholders (?) used in the query string:
POST /_sql?format=txt
{
"query": "SELECT YEAR(release_date) AS year FROM library WHERE page_count > ? AND author = ? GROUP BY year HAVING COUNT(*) > ?",
"params": [300, "Frank Herbert", 0]
}
The recommended way of passing values to a query is with question mark placeholders, which guards against hacking attempts and SQL injection.
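The difference between the two request forms above, as an added client-side example (not code from the Elasticsearch documentation): it builds the `params` body, checks that the placeholder count matches the value count, and contrasts it with inlining a value that contains a quote. The helper names, the sample author and the restriction to JSON scalar types are assumptions of this example.

```python
import json

def count_placeholders(query):
    """Count ? placeholders that sit outside single-quoted SQL string literals."""
    count, in_string, i = 0, False, 0
    while i < len(query):
        ch = query[i]
        if ch == "'":
            # '' inside a literal is an escaped quote, not the end of the literal
            if in_string and query[i + 1:i + 2] == "'":
                i += 1
            else:
                in_string = not in_string
        elif ch == "?" and not in_string:
            count += 1
        i += 1
    return count

def build_sql_body(query, params):
    """Return the JSON body for POST /_sql with values kept out of the query text."""
    expected = count_placeholders(query)
    if expected != len(params):
        raise ValueError(f"query has {expected} placeholders, got {len(params)} params")
    for p in params:
        # Assumption of this example: only JSON scalars (bool is an int subclass)
        if not isinstance(p, (str, int, float)):
            raise TypeError(f"unsupported param type: {type(p).__name__}")
    return json.dumps({"query": query, "params": list(params)})

QUERY = ("SELECT YEAR(release_date) AS year FROM library "
         "WHERE page_count > ? AND author = ? GROUP BY year HAVING COUNT(*) > ?")

def demo():
    author = "Tim O'Reilly"  # constructed sample value containing a quote
    # Inline form: the value becomes part of the SQL text, so its quote
    # ends the string literal early and changes how the query is parsed.
    inline = QUERY.replace("?", "{}").format(300, f"'{author}'", 0)
    # Placeholder form: the query text is constant, the value travels as data.
    body = json.loads(build_sql_body(QUERY, [300, author, 0]))
    return inline, body

if __name__ == "__main__":
    inline, body = demo()
    print("inline:", inline)
    print("params:", json.dumps(body))
```
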